Distributed systems, such as file systems and directory systems, store replicas, or copies, of the same information on a number of different nodes (i.e., servers). Having a number of nodes with replicas provides benefits such as fault tolerance, high availability of information, and improved system performance. A subset of these distributed systems allows each node that stores a replica of information to accept original changes to the information. That is, a node has authority to provide both read and write access to the information. These systems also employ a replication protocol where nodes obtain from one another the changes that have been made to the information. This allows the nodes to each operate in isolation, and then “sync up” with their peers later such that other nodes can be made current. These types of systems are referred to as multi-master replication systems.
Lightweight Directory Access Protocol (LDAP) systems are examples of systems that are sometimes implemented as multi-master replication systems. LDAP systems are used to store many sorts of data including data supplied by users, such as addresses and passwords, and also data provided by managed IT systems, such as permissions. Organizations very often want to enforce rules, or business logic, on the data stored in LDAP directories. For example, one such directory may store user identification numbers. An IT organization may want the system to enforce a rule that requires user identification numbers to be unique, i.e., no two users may have the user identification number. Unfortunately, in LDAP systems implemented as multi-master replication systems, this is difficult to accomplish. Each node can accept write requests for a user's identification number with different values. While each node could check data against the rule, they are limited to its own view of the data. It is possible that other nodes are concurrently accepting writes not yet known to a particular node which, when replication is complete, will leave the system in such a state that is inconsistent with respect to the rule (i.e., the same identification number is assigned to different users).
It is with respect to these and other considerations that embodiments of the present invention have been made. Also, although relatively specific problems have been discussed, it should be understood that embodiments of the present invention should not be limited to solving the specific problems identified in the background.